This page lists publicly disclosed CVEs affecting Ivanti Endpoint Manager (linked via NVD CPE: ivanti endpoint_manager). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-8111 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 0.86% | 2026-05-12 | 2026-06-17 |
| CVE-2026-8110 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.24% | 2026-05-12 | 2026-06-17 |
| CVE-2026-8109 | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.70% | 2026-05-12 | 2026-06-17 |
| CVE-2026-1603 (KEV) | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.6 | 81.09% | 2026-02-10 | 2026-06-17 |
| CVE-2026-1602 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.69% | 2026-02-10 | 2026-06-17 |
| CVE-2025-13662 | Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.8 | 0.47% | 2025-12-09 | 2026-06-17 |
| CVE-2025-13661 | Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.1 | 1.13% | 2025-12-09 | 2026-06-17 |
| CVE-2025-13659 | Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.8 | 1.62% | 2025-12-09 | 2026-06-17 |
| CVE-2025-10573 | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.6 | 29.49% | 2025-12-09 | 2026-06-17 |
| CVE-2025-10918 | Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allow a local authenticated attacker to write arbitrary files anywhere on disk. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 7.1 | 0.21% | 2025-11-11 | 2026-06-17 |
| CVE-2025-62392 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.75% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62391 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.75% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62390 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 1.58% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62389 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 1.58% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62388 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.75% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62387 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 1.58% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62386 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.75% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62385 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.75% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62384 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.76% | 2025-10-13 | 2026-06-17 |
| CVE-2025-62383 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 6.5 | 0.76% | 2025-10-13 | 2026-06-17 |